<?php
$dt = new DataTable ( constant ( 'DB_TABLE_USER' ) );
$act = isset ( $_REQUEST ['act'] ) ? $_REQUEST ['act'] : '';
$GLOBALS ['error_message'] = '';
$GLOBALS ['success_message'] = '';
if ($act == 'save') {
	$oldpwd = trim ( $_REQUEST ['oldpwd'] );
	$newpwd = trim ( $_REQUEST ['newpwd'] );
	$confirmpwd = trim ( $_REQUEST ['confirmpwd'] );
	$newuser = trim ( $_REQUEST ['newuser'] );
	if (strlen ( $newpwd ) > 0) {
		if ($newpwd == $confirmpwd) {
			$row = $dt->get_row (sprintf("`login_user`='%s'",Util::sql_safe($_REQUEST['olduser'])));
			if ($row && md5 ( $oldpwd ) == $row ['login_password']) {
				$update_data = array ('id' => $row ['id'], 'login_password' => md5 ( $newpwd ) );
				if ( strlen( $newuser) > 0) {
					$update_data['login_user'] = $newuser;
				}
				$dt->save($update_data);
				$GLOBALS ['success_message'] = '管理員密碼修改成功';
			} else {
				$GLOBALS ['error_message'] = '舊帳號或者密碼錯誤';
			}
		} else {
			$GLOBALS ['error_message'] = '新密碼與確認密碼不一樣';
		}
	} else {
		$GLOBALS ['error_message'] = '新密碼不能够爲空';
	}
}
$row = $dt->get_row();
$GLOBALS['PAGE_DATA_USER_NAME'] = $row['login_user'];
?>